The History Of The Cybersecurity Risks

Published Date: 02 Nov 2017

CHAPTER 6

CYBERSECURITY RISKS

Recent study shows a number of scandalous events over the past year and a half in the world of cyber-security. Some events include: mass breaks of customer information at Sony and elsewhere, the Stuxnet worm's furtive attack on the Iranian nuclear database, the security breach at defense worker Lockheed Martin and the Chinese electronic break-in at Google.

These events led US Attorney-General Eric Holder to remark recently, "Cybercrime threatens the safekeeping of our systems as well as the integrity of our marketplaces." Such openings of security have forced a broad recognition that, in spite of the difficulties, all those using the net must accept cyber-security as part of their task.

Cyber intrusions are fast becoming the standard at even the world's most technologically sophisticated companies. This surprisingly includes some companies that have safety as their main mission.

The problem at RSA is an example, the security company owned by EMC. This tricky prompted the National Security Agency to presage that RSA's SecurID keys, with the fastest-changing numeric passwords, should no longer be adequate to allowance access to critical infrastructure. The bargained security keys were tangled in the May hacker attack of Lockheed Martin.

Security openings are reaching wider and lower. And not just through one-time doses like the one on Sony which revealed details on hundred million users of its online gaming networks. Consumers' systems are progressively at risk directly from virus infections that are hidden by standard security software and that do more injury than their predecessors.

The fastest growing types of contaminations install software that records keystrokes, including logins, passwords. Then the data is whisked off to ultramarine criminal gangs that make use of consumers' particular information.

Other Factors

Compounding and hitching these cyber threats are two fast-growing phenomena. The phenomena are:

Social networking.

The personal information of an individual is often given by them at social websites that can be used alongside them in phishing scams. Embattled emails to employees are the transfer method of choice for intrusions such as those at Google and RSA. These emails were made more reliable by public information collected on employees at various social networking sites.

Rise of Mobile Devices.

These are devices usually controlled by employees but frequently have prevalent workplace access. These devices are just opening to be targeted by in earnest by hackers. What is surprising here is how archaic the thinking is at various businesses. Many times smartphones and tablets are issued to staffs without encryption, confirmation or anti-malware software.

What the Future Holds

The advances in software and the cumulative use of the internet have made cyber resistance more difficult, not easier. The illicit gangs are great capitalists. They make currency from one scam and reinvest the money into new research and development to stay gaining of the cyber security profession. And they pay their "professionals" top dollar to retain them happy and hacking.

There is growing evidence of politically motivated attacks over the internet, targeting various organization and companies, from 'hacktivists'. Hacktivists generally use techniques involving relatively ingenuous malware but which use the absolute weight of numbers. These types of attacks have brought down systems belonging to companies including PayPal and Visa.

The menace is that hacktivists don't operate for the profit and loss basis. So tools and techniques that may daunt criminals because of the high cost involved to get around sanctuary measures will not work on hacktivists.

The consequence is that businesses today are forced to protect themselves on two fronts: against highly skilled cybercriminals using the newest technology and hacktivists using less sophisticated, but still successful methods.

India is on the edge of a technology revolution and the heavy force behind the same is the receipt and adoption of Information and Communication Technology (ICT) and its benefits. This technology revolution may, however, flop to bring the desired and much desirable result if we do not adopt a sound and country oriented e-governance policy. A complete e-governance policy assumes the existence of a sound and secure e-governance base as well. The security and safety of various ICT platforms and projects in India must be considered on a urgency basis before any e-governance base is made fully functional. This presumes the adoption and use of security events more particularly permitting judiciary and law implementation manpower with the knowledge and use of cyber forensics and digital evidencing.

The information technology is a twofold edge blade that can be used for destructive as well as constructive effort. Thus, the fate of many undertakings depends upon the kind or vice intentions, as the case may be, of the person dealing with and consuming the technology. For example, the creator of the "Sasser Worm" is being hired as a "Security Software Programmer" by a German firm, so that he can make firewalls, this will stop distrusted files from entering systems. [1] These methods may also be used for scrutiny the authenticity, security and safety technological device, which has been primarily relied upon and trusted for providing the security to a particular organization.

II. Cyber Forensics

The concepts of cyber security and cyber forensics are not only interconnected but also necessarily required for the achievement of each other. The previous fortifies the ICT and e-governance base whereas the last indicates the dodges and limitations of the adopted events to secure the base. The latter also becomes crucial to punish the deviants so that a warning example can be set. However, there is a problem regarding obtaining expertise in the latter feature. This is so since though a computer can be protected even by a person with simple technical information the ascertainment and preservation of the evidence is a threatening task. For a case, one can install an anti-virus software, firewall, regulate safety settings of the browser, etc. but the same cannot be said about creating a mirror copy of hard disk, removing deleted files and documents, preservative logs of activities over internet, etc. Further one can recognize the difficulty involved in the examination and presentation of a case before a law court because it is very problematic to explain the indication learned to a not so techno savvy judge. The problem becomes more complex in the absence of sufficient numbers of expert lawyers in this crucial field.

The Cyber Forensics has given new dimensions to the Criminal laws, especially the Evidence law. Electronic evidence and their collection and presentation have posed a challenge to the investigation agencies, prosecution agencies and judiciary. The scope of Cyber Forensics is no more confined to the investigation regime only but is expanding to other segments of justice administration system as well. The justice delivery system cannot afford to take the IT revolution lightly. The significance of cyber forensics emanates from this interface of justice delivery system with the Information Technology.

III. The Need of Cyber Forensics

The increasing use of IT has stood certain challenges before the justice delivery system that have to be encountered keeping in mind the current IT revolution. The current need of Cyber Forensics is vital for the following reasons:

(a) Commonly Used Existing Methods are Inadequate: The law may be categorized as functional and procedural. The functional law fixes the obligation whereas the procedural law offers the means and methods by which the functional liability has to contended, analyzed and verified. The procedural features providing for the guilt founding provisions were always there but their interface with the IT has almost created a deadlock in undercover and adjudicative mechanisms. The challenges posed by IT are strange to modern society and so must be their solution. The commonly used existing procedural mechanisms, including forensic discipline methods, are neither suitable nor appropriate for this situation. Thus, "cyber forensics" is the essential of the hour. India is the 12th country in the world which has its own cyber law (IT Act, 2000). However, most of the people of India including judges, lawyers, professors, etc, are not aware about its presence and use. The commonly used forensic methods like DNA testing, finger impressions, blood and other tests, etc. show a limited role in this arena.

(b) Moving Face of Crimes and Criminals: The practice of Internet has changed the complete platform of crime, criminal and their action. This method involves crimes like pornography, hacking, spamming, privacy violations phishing, pharming, identity theft, cyber terrorisms, etc. Certain sites are available that provides necessary technological measures to preserve secrecy.

(c) Need of Comparison: There is a ominous need to compare the outdated crimes and criminals with the crimes and criminal in the IT milieu. The following essential be the parameters of the comparison:

(a) Crime Nature

(b) Commission of the Crime

(c) Crime Purpose

(d) Crimes Players etc.

Thus, Cyber Forensics is obligatory to be used by the following players of criminal justice organization:

(a) Investigation Machinery – Non-Statutory as well as Statutory

(b) Machinery Prosecution and

(c) Machinery Adjudication – Judicial, Administrative or Quasi-judicial.

(d) Jurisdictional Dilemma: The Internet is not subject to any territorial restrictions and none can claim any control over a particular occurrence. Thus, at times there is battle of laws. The best way is to use the tool of Cyber Forensics as a "Preventive Measure" rather than using it for "Curative Purposes".